<?php
include('common/constants.php');
include('common/db.php');

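// Profile-update endpoint: looks up a `user` row by the posted e-mail and,
// when one exists, overwrites its columns with the posted form values.
//
// NOTE(review): nothing in this file verifies that the caller is logged in or
//   that the posted e-mail is the caller's own account; unless one of the
//   includes above enforces it, any request that names an existing e-mail can
//   rewrite that row. Confirm, and bind the WHERE clause to the session
//   identity rather than to a request field.
// NOTE(review): `user_type` is taken straight from the request, so the client
//   chooses the role that gets stored. Confirm this is intended; otherwise
//   drop it from the UPDATE or restrict it to an allow-list server-side.
// NOTE(review): `password` is stored exactly as submitted. Moving to
//   password_hash()/password_verify() has to be done together with the login
//   code, which is not visible here, so it is only flagged.
// NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix is
//   prepared statements (PDO or mysqli), which needs the connection opened in
//   common/db.php to change as well.

// PHP always defines $_POST, so isset() could never detect an empty
// submission; test for emptiness and stop instead of falling through.
if (empty($_POST)) {
	echo "Nothing to save.";
	return;
}

// Only the fields the UPDATE below uses are read; anything else is ignored.
$fields = array('email', 'txt_pwd', 'user_type', 'name', 'gender', 'age', 'profession', 'txt_mobile', 'address');
$stored = array(); // value as it ends up in the table (HTML-encoded, as before)
$sql = array();    // the same value escaped for use inside a quoted SQL literal

foreach ($fields as $field) {
	$raw = isset($_POST[$field]) ? $_POST[$field] : '';

	// A parameter sent as field[]=... arrives as an array and cannot be
	// encoded or escaped as a string; refuse the request.
	if (!is_scalar($raw)) {
		echo "Update failed.";
		return;
	}

	// HTML-encoding on input is kept so stored values keep the format that
	// existing rows (and whatever renders them) already use.
	$stored[$field] = htmlspecialchars((string) $raw);

	// Escaping is done by the database driver rather than addslashes(), which
	// does not take the connection character set into account.
	// NOTE(review): relies on the connection opened by common/db.php; set the
	// charset there with mysql_set_charset() so the escaping matches it.
	$sql[$field] = mysql_real_escape_string($stored[$field]);
}

// Existence check only: no columns (in particular not `password`) are fetched.
$slctSql = "SELECT 1 FROM `user` WHERE `email`='{$sql['email']}' LIMIT 1";
$result = mysql_query($slctSql);
if ($result === false) {
	// Keep driver error text in the server log instead of the response.
	error_log('user lookup failed: ' . mysql_error());
	echo "Update failed.";
	return;
}

if (mysql_num_rows($result) != 0) {
	$updateSql = "UPDATE `user` SET "
		. "`password`='{$sql['txt_pwd']}',"
		. "`user_type`='{$sql['user_type']}',"
		. "`name`='{$sql['name']}',"
		. "`gender`='{$sql['gender']}',"
		. "`age`='{$sql['age']}',"
		. "`profession`='{$sql['profession']}',"
		. "`phone_number`='{$sql['txt_mobile']}',"
		. "`address`='{$sql['address']}'"
		. " WHERE `email`='{$sql['email']}'";

	if (mysql_query($updateSql)) {
		// The session must be started before any output, otherwise the
		// session cookie header can no longer be sent.
		if (session_id() === '') {
			session_start();
		}
		if (isset($_SESSION['user_name'])) {
			// Use the stored form of the name, not the SQL-escaped one, so the
			// session does not pick up escape backslashes.
			$_SESSION['user_name'] = $stored['name'];
		}

		echo "Update successfull.";
	} else {
		error_log('user update failed: ' . mysql_error());
		echo "Update failed.";
	}
}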
?>